Virtual NICs w/different MAC addresses

Is it possible to set up a virtual NIC with a MAC address other than the
one of the host (physical) NIC, and use dhcpcd/pump/dhclient and have a
DHCP server assign an address to it?

I have Internet access via cable, and my contract allows me to connect
up to 5 different PCs to the cable modem. The ISP uses DHCP to assign IP
addresses, and although the 5 addressess will always be in the same
subnet, they are not contiguous and may change from time to time.

This is what I'm trying to do: I want a Linux-based firewall between the
'net and my PCs, and I would like to NAT the PCs behind different IP
addresses.

The problem is that the firewall PC obviously only gets assigned one
address when I run 'dhcpcd eth0'. Creating an alias and running dhcpcd
again (dhcpcd eth0:0) doesn't work as eth0:0 has the same MAC address as
eth0. I guess could stick 4 extra NICs in the firewall, but surely there
must be a better way to do it?

KR <(E-Mail Removed)> writes:

> Is it possible to set up a virtual NIC with a MAC address other than
> the one of the host (physical) NIC, and use dhcpcd/pump/dhclient and
> have a DHCP server assign an address to it?
>
> I have Internet access via cable, and my contract allows me to connect
> up to 5 different PCs to the cable modem. The ISP uses DHCP to assign
> IP addresses, and although the 5 addressess will always be in the same
> subnet, they are not contiguous and may change from time to time.
>
> This is what I'm trying to do: I want a Linux-based firewall between
> the 'net and my PCs, and I would like to NAT the PCs behind different
> IP addresses.
>
> The problem is that the firewall PC obviously only gets assigned one
> address when I run 'dhcpcd eth0'. Creating an alias and running dhcpcd
> again (dhcpcd eth0:0) doesn't work as eth0:0 has the same MAC address
> as eth0. I guess could stick 4 extra NICs in the firewall, but surely
> there must be a better way to do it?

Is there a reason all five machines need to be externally visible? My
home configuration has a single externally visible IP address, which
is my gateway. Behind that, all my machines are NATed; they can all
connect out, but you can only connect to one of them (not the gateway,
and not the file/DHCP/DNS/printer/etc server) from outside. And you
can only connect to that one with SSH (if I had the bandwidth, I'd
open up a second hole for HTTP). If for some reason you have to get
to any of the other machines, you SSH to the externally-visible
machine, and then connect from there to one of the other machines.
--
Joseph J. Pfeiffer, Jr., Ph.D. Phone -- (505) 646-1605
Department of Computer Science FAX -- (505) 646-1002
New Mexico State University http://www.cs.nmsu.edu/~pfeiffer
Southwestern NM Regional Science and Engr Fair: http://www.nmsu.edu/~scifair

KR wrote:

> Is it possible to set up a virtual NIC with a MAC address other than the
> one of the host (physical) NIC, and use dhcpcd/pump/dhclient and have a
> DHCP server assign an address to it?
>
> I have Internet access via cable, and my contract allows me to connect
> up to 5 different PCs to the cable modem. The ISP uses DHCP to assign IP
> addresses, and although the 5 addressess will always be in the same
> subnet, they are not contiguous and may change from time to time.
>
> This is what I'm trying to do: I want a Linux-based firewall between the
> 'net and my PCs, and I would like to NAT the PCs behind different IP
> addresses.
>
> The problem is that the firewall PC obviously only gets assigned one
> address when I run 'dhcpcd eth0'. Creating an alias and running dhcpcd
> again (dhcpcd eth0:0) doesn't work as eth0:0 has the same MAC address as
> eth0. I guess could stick 4 extra NICs in the firewall, but surely there
> must be a better way to do it?
>

While you can change the MAC, you'd still just have only one for use by all
aliases. However, you can configure the firewall to pass multiple IPs, and
perhaps use it as a dhcp agent, to relay the requests, from the individual
computers, to the ISP.

--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.

James Knott wrote:
>
> While you can change the MAC, you'd still just have only one for use by all
> aliases. However, you can configure the firewall to pass multiple IPs, and
> perhaps use it as a dhcp agent, to relay the requests, from the individual
> computers, to the ISP.
>

That would probably work, but then I'd have the valid IPs on the inside
of the firewall. I'd like the internal network to be all RFC 1918
addresses, and NAT these to the ISP assigned addresses as needed.

In article <4097e6de$(E-Mail Removed)>,
KR <(E-Mail Removed)> wrote:
> Is it possible to set up a virtual NIC with a MAC address other than the
> one of the host (physical) NIC, and use dhcpcd/pump/dhclient and have a
> DHCP server assign an address to it?
>
> I have Internet access via cable, and my contract allows me to connect
> up to 5 different PCs to the cable modem. The ISP uses DHCP to assign IP
> addresses, and although the 5 addressess will always be in the same
> subnet, they are not contiguous and may change from time to time.
>
> This is what I'm trying to do: I want a Linux-based firewall between the
> 'net and my PCs, and I would like to NAT the PCs behind different IP
> addresses.

Get a hub; on your firewall box put two NICs -- one leading to the cable
modem, one leading to the hub. All other machines hook up to the hub. NAT
them. I used to do this, until I got a wireless router.

--
-eben (E-Mail Removed)m home.tampabay.rr.com/hactar
VIRGO: All Virgos are extremely friendly and intelligent - except
for you. Expect a big surprise today when you wind up with your
head impaled upon a stick. -- Weird Al, _Your Horoscope for Today_

KR <(E-Mail Removed)> wrote in message news:<4097e6de$(E-Mail Removed)>...
> Is it possible to set up a virtual NIC with a MAC address other than the
> one of the host (physical) NIC, and use dhcpcd/pump/dhclient and have a
> DHCP server assign an address to it?
>
> I have Internet access via cable, and my contract allows me to connect
> up to 5 different PCs to the cable modem. The ISP uses DHCP to assign IP
> addresses, and although the 5 addressess will always be in the same
> subnet, they are not contiguous and may change from time to time.

Don't bet on the fact that they will be on the same subnet (unless the
ISP promises and offers up his privates for a breach). The "typical"
URB that acts as the CMs gateway can support up to 6 subnets on the
same _physical_ cable segment -- ugly.

> This is what I'm trying to do: I want a Linux-based firewall between the
> 'net and my PCs, and I would like to NAT the PCs behind different IP
> addresses.

So use MASQing and keep your lan IPs private _and_ under your control.

> The problem is that the firewall PC obviously only gets assigned one
> address when I run 'dhcpcd eth0'. Creating an alias and running dhcpcd
> again (dhcpcd eth0:0) doesn't work as eth0:0 has the same MAC address as
> eth0. I guess could stick 4 extra NICs in the firewall, but surely there
> must be a better way to do it?

First, it is not clear to me why you want/need to use the ISP
addresses at all -- beyond the one for your FW. Simply use MASQing at
the FW and use private addresses on the lan.

If you need to use your ISP's dhcp addresses, then you need something
like dhcrelay (man dhcrelay -- it's available on RH -- or try
http://www.isc.org/ ). This will relay the dhcp requests to the
servers and relay back the replies to the clients.

Beware -- this will make setting up your FW filter rules a much bigger
pain than if you used private (static) IPs on the lan -- IPs that
_you_ assign/control. Not to mention that your entire lan will then
be exposed/reachable from the internet -- are you _sure_ you want that
headache?

hth,
prg
email above disabled